Diffstat (limited to 'src/libtls')
-rw-r--r--src/libtls/tls.c4
-rw-r--r--src/libtls/tls.h3
-rw-r--r--src/libtls/tls_crypto.c12
-rw-r--r--src/libtls/tls_crypto.h4
4 files changed, 16 insertions, 7 deletions
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 4384c0749..f8f7e848e 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -172,7 +172,7 @@ METHOD(tls_t, destroy, void,
* See header
*/
tls_t *tls_create(bool is_server, identification_t *server,
- identification_t *peer)
+ identification_t *peer, char *msk_label)
{
private_tls_t *this;
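Review bot: The new `msk_label` parameter is only ever read (it is forwarded to tls_crypto_create and later passed to the PRF), so it should be declared `const char *msk_label` in tls_create and in tls_crypto_create, matching the fact that callers will typically pass a string literal. As a plain `char *` the prototype gives no hint that the string is neither modified nor copied. tls_create's body continues outside this hunk.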
@@ -193,7 +193,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
.peer = peer->clone(peer),
);
- this->crypto = tls_crypto_create(&this->public);
+ this->crypto = tls_crypto_create(&this->public, msk_label);
if (is_server)
{
this->handshake = &tls_server_create(&this->public, this->crypto,
diff --git a/src/libtls/tls.h b/src/libtls/tls.h
index 67ee74230..923c87ae1 100644
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -162,9 +162,10 @@ struct tls_t {
* @param is_server TRUE to act as server, FALSE for client
* @param server server identity
* @param peer peer identity
+ * @param msk_label ASCII string constant used as seed for MSK PRF
* @return TLS stack
*/
tls_t *tls_create(bool is_server, identification_t *server,
- identification_t *peer);
+ identification_t *peer, char *msk_label);
#endif /** TLS_H_ @}*/
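Review bot: The added @param line calls msk_label the PRF seed, but in tls_crypto.c the seed is built from client_random and server_random and msk_label is passed as the PRF label; the pointer is also stored in tls_crypto_t as-is (`.msk_label = msk_label`) rather than copied, so the caller must keep the string alive for the lifetime of the stack. Suggest `* @param msk_label  PRF label used to derive the EAP MSK (e.g. "client EAP encryption"); stored by reference, must outlive the returned tls_t`. The tls_create doc block starts before this hunk.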
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 0bbfd81fb..b8eb87bf6 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -316,9 +316,14 @@ struct private_tls_crypto_t {
chunk_t iv_out;
/**
- * EAP-TLS MSK
+ * EAP-[T]TLS MSK
*/
chunk_t msk;
+
+ /**
+ * ASCII string constant used as seed for EAP-[T]TLS MSK PRF
+ */
+ char *msk_label;
};
typedef struct {
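Review bot: The field comment describes msk_label as the PRF seed, but derive_eap_msk hands it to prf->get_bytes as the label argument and uses client_random||server_random as the seed, so the comment is misleading to the next reader. Suggest `ASCII label passed to the PRF when deriving the EAP-[T]TLS MSK (not owned, must outlive this object)`, which also records that tls_crypto_create stores the pointer without copying it. The struct definition starts before this hunk.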
@@ -855,7 +860,7 @@ METHOD(tls_crypto_t, derive_eap_msk, void,
seed = chunk_cata("cc", client_random, server_random);
free(this->msk.ptr);
this->msk = chunk_alloc(64);
- this->prf->get_bytes(this->prf, "client EAP encryption", seed,
+ this->prf->get_bytes(this->prf, this->msk_label, seed,
this->msk.len, this->msk.ptr);
}
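Review bot: `this->msk_label` is passed to prf->get_bytes with no check, so a tls_create caller that has no MSK label to supply and passes NULL will hand a NULL label to the PRF if derive_eap_msk is ever invoked; whether get_bytes tolerates a NULL label cannot be told from here. Keeping the previous hard-coded string as the default is a one-line change, `char *label = this->msk_label ? this->msk_label : "client EAP encryption";`, with `label` passed in place of `this->msk_label`. derive_eap_msk starts before this hunk.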
@@ -884,7 +889,7 @@ METHOD(tls_crypto_t, destroy, void,
/**
* See header
*/
-tls_crypto_t *tls_crypto_create(tls_t *tls)
+tls_crypto_t *tls_crypto_create(tls_t *tls, char *msk_label)
{
private_tls_crypto_t *this;
@@ -904,6 +909,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls)
.destroy = _destroy,
},
.tls = tls,
+ .msk_label = msk_label
);
build_cipher_suite_list(this);
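Review bot: `.msk_label = msk_label` stores the caller's pointer without copying it, and destroy (partially visible in the previous hunk) is not changed, so the object silently depends on the caller's string outliving it; a label built on the stack or freed later would leave a dangling pointer that is only dereferenced much later in derive_eap_msk. Either document the contract at the assignment, `.msk_label = msk_label, /* not copied; caller keeps it alive */`, or `strdup()` it here and `free()` it in destroy. The initializer list begins before this hunk.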
diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h
index 5fe90d868..09f1a0e8a 100644
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
@@ -359,7 +359,9 @@ struct tls_crypto_t {
/**
* Create a tls_crypto instance.
+ *
+ * @param msk_label ASCII string constant used as seed for MSK PRF
*/
-tls_crypto_t *tls_crypto_create(tls_t *tls);
+tls_crypto_t *tls_crypto_create(tls_t *tls, char *msk_label);
#endif /** TLS_CRYPTO_H_ @}*/
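Review bot: The doc block gets an @param for msk_label but still documents neither the existing `tls` parameter nor the return value, and "seed" is inaccurate since the seed is derived from the client/server randoms in derive_eap_msk. Suggest replacing the added line with `* @param tls        TLS stack this crypto instance belongs to`, `* @param msk_label  PRF label for EAP MSK derivation, stored by reference (must outlive the instance)` and `* @return           tls_crypto_t instance`.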